Unisoft Corporation logo

Signing Applications with MHP Security File Generator

The UniSoft MHP Security File Generator generates the various files described in chapter 12 of the MHP specification.

It is targeted at two types of user:

  1. MHP application developers who prepare applications for delivery through a broadcast network.
  2. Certificate authorities who support the Public Key Infrastructure (PKI) associated with the MHP security framework.

Features for MHP Application Developers

The main security associated task as an MHP application developer is to apply a signature to an application which uses capabilities outside the MHP sand box. Often this application will include a permission file that defines the set of MHP facilities that the application needs to access.

The MHP Security File Generator provides facilities for the following steps that you need to take in order to sign applications:

  1. Key generation - to produce a public/private key pair that you use to sign applications.
  2. Certificate management - to manage all the certificates that are provided by the certificate authorities who generate your certificates.
  3. Permission file generation - to create permission files that can include persistent file credentials provided to you by other application developers.
  4. Application signing - to create the hash files, certificate files and signature files that are specified in the MHP security framework.
  5. Persistent file credential generation - to create a persistent file credential and the associated certificate files that you can pass to other application developers who need access to the files that your application generates in persistent storage.

Product Features for Certificate Authorities

The main task as a certificate authority is to manage a part of the PKI through the issuing of certificates and maintenance of CRLs associated with your own certificate.

The MHP Security File Generator provides facilities for the following functions that you need to provide to your users:

  1. Key generation - to produce a public/private key pair that you use to sign applications.
  2. Certificate management - to manage all the certificates that are provided by the certificate authorities who generate your certificates and those that you provide to your users.
  3. Certificate generation - to produce certificates for application developers and subsidiary certificate authorities as and when requested.
  4. CRL generation - to revoke certificates that you have issued and have since been compromised.

For Root Certificate Authorities

In addition, if you are operating as a Root Certificate Authority, the MHP Security File Generator provides you with the following capabilities:

  1. Root certificate generation - to create a self-signed certificate that provides a point of trust for the certificates that it signs.
  2. RCMM generation - to produce RCMMs for distribution to MHP receivers.
  3. RCMM signing - to apply a signature to RCMMs that have been generated by other Root Certificate Authorities